Authors

Title

Two sub-optimal algorithms for detecting cyber/physical attacks on SCADA systems

In

Proceedings of the X International Conference “System Identification and Control Problems”, SICPRO’15

Pages

1144–1156

Year

2015

Abstract

The problem of detecting cyber/physical attacks on Supervisory Control And
Data Acquisition (SCADA) systems is addressed in this paper. The detection
of attacks is formulated as the problem of detecting transient changes in
stochastic-dynamical systems in the presence of unknown system states (often
regarded as the nuisance parameter) and random noise. The negative impact of
the nuisance parameter is eliminated by exploiting some well-known techniques
from the fault diagnosis community. The Variable Threshold Window Limited
CUmulative SUM (VTWL CUSUM) algorithm is used to detect changes in the
sequence of residuals generated by either the Kalman filter or the parity
space method. Taking into account the transient change detection criterion,
which minimizes the worst-case probability of missed detection given an
acceptable level of the worst-case probability of false alarm, the thresholds
are tuned to optimize the VTWL CUSUM algorithm. It will be shown that the
optimal VTWL CUSUM test is equivalent to the simple Finite Moving Average
(FMA) detection rule. The theoretical results are applied to the problem of
cyber/physical attack detection in a simple SCADA water distribution network.
Moreover, the statistical performance of the Kalman filter-based algorithm
and its parity space-based counterpart is compared by Monte Carlo simulation.
